Of late, I am getting a lot of greeting cards. Since I’m pretty much immune to long winded scam emails saying I’ve inherited a large amount of cash in some distant country, scammers have switched tactics. Greeting card spam? They’re not the newest trick in the book, but they can do a lot of damage!
A typical fake greeting card purports to be from a friend, but most of the time, these are just mass mailed in generic style. If you open up the email, you see a link where you can supposedly view the card. But the link only serves to take you to a malware occupied site where it installs a Trojan onto your computer or attempt other nasty browser exploits while you are busy taking a look at the card.
These dangerous greeting cards are often “disguised” as having come from legit greeting card sites, so many people let down their guard. Since people naturally love gifts, some will open the greeting cards by accident, thus becoming victims. This exploitation method has even been dubbed as an example of social engineering, and for spam, it’s been pretty effective compared to all the other methods!
According to tech security sources, most of the spam is coming from a few major spam botnets comprising hundreds of thousands of compromised computers. One of these is the Srizbi botnet.
Some tell tale signs of fake greeting cards include:
- Asking you for credit card or bank information (on phishing/spoof sites).
- Asking you to open some link in order to view the card, which then downloads malware onto your machine.
- The senders call themselves admirers, friends, neighbors, or even try to spoof your loved ones/family members, if possible.
- The link where you pick up the card is not the legitimate site of the ecard itself, but just an IP address, or on a totally different domain.
Greeting card spam can also be sent from bots/human spammers operating in popular chat/IM systems like Yahoo Messenger, AIM or ICQ. After all, who can resist an e-card from an “admirer?” I used to get this kind of greeting card spam from total strangers in ICQ. That was years ago, though.
To further cloud the issue, some otherwise legit greeting card companies actually engage in questionable marketing tactics to get more users to their ecards. Other greeting card companies about to go bust could even sell away their email lists to spammers. So in short, are free online greeting cards actually worth the trouble? And such is the prevalence of the spam greeting card problem that a large number of legit greeting card sites are now placing alerts regarding this problem on their sites.
Bottom line is – Never open any link you are not really sure about. If it looks like spam and behaves like spam, then it’s very likely to be spam. If in doubt, copy the link into your browser, and open it in a separate window (remember that the ecard must reside on the main greeting card site itself). Also, stick with trusted greeting card sites, not just any greeting card site. Remember, never open attachments or emails from people you don’t know – Don’t talk to strangers is a good policy at all times.